Trisquel is not checking updates automatically
- Login o registrati per inviare commenti
Hello,
I am concerned about security point of view why Trisquel is not checking updates automatically
I did sudo apt-get upgrade and sudo apt-get update
it updated many packages and even linux header and linux new kernel and they it said to restart system by command ls /var/run | grep reboot
it means their were many updates and it didn't notified me why ??
even it is written when I open software update that Trisquel will not automatically check for updates for prevent unwanted connections what kind of reason is this we are using internet obviously it should ask to install security updates automatically
Allegato | Dimensione |
---|---|
updates-check.png | 22.14 KB |
I think it does not automatically check for updates, but you can set it to check updates.
You can also set it to install security updates automatically, but so as not to force installations of things you may not wish to install, I think it does not check even check by default, in-case you do not wish to have your computer even send any "check" signal to trisquel.info
There are notification programs, but in-case you are just installing offline, or not wishing to send a signal right away after your first connection to the internet it is off by default.
You can also change the source code to change this if you do not wish to change settings.
I think trisquel 11 and maybe 10 are still secure enough to get to get any update from trisquel.info
You can also use the Synaptic package manager to check for updates.
There are likely many new updates even after days of a new release of Trisquel so making a new ISO image for each update may be hard.
This way the end user can be in control of when that user wishes to update. It also lets the user check the source code before an update, or even compile that code on their own computer, to make sure it builds as the user wishes it should.
I do not remember the https://mirror.operationtulip.com site but I think you can set your computer to get code/binaries from places other than https://trisquel.info also.
I personally like this feature about Trisquel. Many other GNU/Linux distributions collect tons of telemetry, mostly through the browser, but also through automatic update checks or the like, which can be used to pretty well identify the user attached to their IP address. For example, if Trisquel called out for updates automatically on boot, then interceptors of that traffic on the network would know you have a Trisquel system (and that your system is up and running) since you're connecting to their mirrors immediately when you start your system. This could be used to establish, for example, patterns of behavior with your computer use: when you're turning your Trisquel system on and when it's offline is a pretty strong pattern. One of the nice things about having no default network connections is it gives you time to route your traffic through a VPN or use other mitigation techniques, before any network packets are sent out.
Software freedom is not just about the software you're running being under a free software license, but that the users aren't being taken advantage of by the software (for example modern DRM systems can be considered harmful even if the DRM software was theoretically free), and privacy-breaking features like automatic network connections can fall under this category depending on your perspective.
Just generally, for updates in particular, I don't believe automatic update installation is that common a feature in GNU/Linux distributions; most distributions expect that the user will update the system on their own when (and if) they want, usually from the command line. If you want automatic updates and your system is turned on most of the time, I recommend making a cron job. Otherwise, if your system will not consistently be running at any particular time when the scheduled cron job can happen, then you really don't have a choice but to update manually. Personally, I just update from the command line once every week or so with all of my non-server GNU/Linux installations. On my servers, since they're ideally running 24/7, I use a cron job.
Yeah, by default it won't.
If you want it to check for updates and install security updates, then set it up that way on software-properties, and it will do that.
So doesn't make vulnerable my system to not alarm me weather to update security update automatically ?
If the system is connected to a network, it is indeed advisable to install every security fix soon after it is available. There is here a tradeoff between security and privacy. Contrary to those who expressed themselves above, I tend to think it would be better if Trisquel would default to showing notifications about available upgrades. Indeed, Trisquel is the most user-friendly FSDG-compliant distribution and I feel it would be better if we could recommend its installation without having to list additional steps that are essential, security-wise.
The installation slideshow could explain that, by default, the only connection is to check for updates, in particular security updates. It could even explain where to change that setting.
I think Trisquel's graphical installer also lets users chose to install updates when installing Trisquel.
I like the option to install it without an internet connection, but it should be easy to install all updates when installing Trisquel when you can get a connection to the internet.
So when installing Trisquel you can also install the security fixes as well as all other updates by using Ubiquity, though there may also be a text-mode installer way of doing this as well.
https://trisquel.info/en/forum/how-does-trisquel-graphical-installer-work-well
You could also compile source code of any updates, as the source code is also available under free licenses.
Even I can't see this page I installed KDE Version in Trisquel
Hmmm, flidas?
If you are using flidas (8.0) then you have more security issues than updates not showing up, as you are using 2 distro releases behind which support ended in 2021.
Please backup and install the latest release: 11.0.1
You can find the latest ISO here, including the KDE one: https://cdbuilds.trisquel.org/aramo/11.0.1/
So you have support 'til 2027.
Regards.
Wasn't the previous screenshot taken on your system? It does mention "flidas". Does it occur in /etc/apt/sources.list?